原文地址:http://stackoverflow.com/questions/13354158/how-to-query-for-a-liststring-in-jdbctemplate
|
I'm using springs jdbctemplate and running a query like below:
SELECT COLNAME FROM TABLEA GROUP BY COLNAME
There are no named parameters being passed, however, column name, COLNAME , will be passed by the user.
Questions
-
Is there a way to have placeholders, like ? for column names? For example SELECT ? FROM TABLEA GROUP BY ?
-
If I want to simply run the above query and get a List<String> what is the best way?
Currently I'm doing:
List <Map<String, Object>> data = getJdbcTemplate().queryForList(query);
for (Map m : data)
System.out.println(m.get("COLNAME"));
|
Answers
|
Is there a way to have placeholders, like ? for column names? For example SELECT ? FROM TABLEA GROUP BY ?
Use dynamic query as below:
String queryString = "SELECT "+ colName+ " FROM TABLEA GROUP BY "+ colName;
If I want to simply run the above query and get a List what is the best way?
List<String> data = getJdbcTemplate().query(query, new RowMapper<String>(){
public String mapRow(ResultSet rs, int rowNum)
throws SQLException {
return rs.getString(1);
}
});
EDIT: To Stop SQL Injection, check for non word characters in the colName as :
Pattern pattern = Pattern.compile("\W");
if(pattern.matcher(str).find()){
//throw exception as invalid column name
}
|